Note that right after you add the security starter pom to your classpath, the auto configuration kicks in and your app is secured by default (the default password is logged on the application startup). I will override that default configuration and customize it later on.

In most cases when you create a web application you need to restrict it to certain groups of users with login and password, manage their roles and sessions. Spring Security helps to develop secured apps supporting all of the AAA aspects: authentication, authorization and accounting.

This post will teach you basics about the login & password authentication along with roles and permissions. The code is based on the Spring boot MVC tutorialwith Java Configuration (Annotation driven).

Spring boot security is provided in the security package. Add this dependency to the build.gradle:

compile("org.springframework.boot:spring-boot-starter-security")

3. Add basic authentication

This Java configuration will create a Servlet Filter for all of your Security. It will protect the application URLs, validate username and password, handle redirects to login form etc. The most basic configuration is to use the hardcoded login, password and role. This way all of your resources will be protected with these credentials.

To do it you need to create a Security Configuration class, extending the WebSecurityConfigurerAdapter, and annotated with @Configuration and @EnableWebMvcSecurity (or any other security scoped annotation: @EnableWebSecurity, @EnableGlobalMethodSecurity or @EnableGlobalAuthentication).

Did I help you?
I manage this blog and share my knowledge for free, sacrificing my time. If you appreciate it and find this information helpful, please consider making a donation in order to keep this page alive and improve quality